{"id":3810,"date":"2020-10-14T11:25:00","date_gmt":"2020-10-14T11:25:00","guid":{"rendered":"http:\/\/the-codest.localhost\/blog\/web-app-security-xss-vulnerability\/"},"modified":"2026-04-27T10:24:05","modified_gmt":"2026-04-27T10:24:05","slug":"zabezpeceni-webovych-aplikaci-zranitelnost-xss","status":"publish","type":"post","link":"https:\/\/thecodest.co\/cs\/blog\/web-app-security-xss-vulnerability\/","title":{"rendered":"Zabezpe\u010den\u00ed webov\u00fdch aplikac\u00ed - zranitelnost XSS"},"content":{"rendered":"

Sc\u00e9n\u00e1\u0159 \u00fatoku<\/h2>\n\n\n\n
    \n
  1. \u00dato\u010dn\u00edk najde zranitelnost XSS na webov\u00e9 str\u00e1nce pou\u017e\u00edvan\u00e9 ob\u011bt\u00ed, nap\u0159. na webov\u00e9 str\u00e1nce banky.<\/li>\n\n\n\n
  2. Ob\u011b\u0165 je v sou\u010dasn\u00e9 dob\u011b p\u0159ihl\u00e1\u0161ena na t\u00e9to str\u00e1nce.<\/li>\n\n\n\n
  3. \u00dato\u010dn\u00edk po\u0161le ob\u011bti vytvo\u0159enou adresu URL.<\/li>\n\n\n\n
  4. Ob\u011b\u0165 klikne na adresu URL<\/li>\n\n\n\n
  5. Na ob\u011bti banka<\/a> webov\u00e9 str\u00e1nky, JavaScript<\/a> k\u00f3d<\/a> za\u010dne vykon\u00e1vat, aby zachytil u\u017eivatelovo data<\/a> nebo jeho jm\u00e9nem prov\u00e9st p\u0159evod na \u00fa\u010det \u00fato\u010dn\u00edka.<\/li>\n<\/ol>\n\n\n\n

    Stoj\u00ed za zm\u00ednku, \u017ee operace prov\u00e1d\u011bn\u00e9 jm\u00e9nem ob\u011bti mohou b\u00fdt pro ob\u011b\u0165 neviditeln\u00e9, proto\u017ee mohou prob\u00edhat na pozad\u00ed s vyu\u017eit\u00edm bankovn\u00edho syst\u00e9mu. API<\/a>, nebo je \u00fato\u010dn\u00edk m\u016f\u017ee prov\u00e9st pozd\u011bji s \u00fadaji pot\u0159ebn\u00fdmi pro ov\u011b\u0159en\u00ed, tokeny, soubory cookie atd.<\/p>\n\n\n\n

    Typy XSS<\/h2>\n\n\n\n

    1. Odra\u017een\u00fd XSS <\/h3>\n\n\n\n

    Jedn\u00e1 se o k\u00f3d HTML\/JavaScript obsa\u017een\u00fd v jak\u00e9mkoli parametru (nap\u0159. GET, POST nebo cookie), kter\u00fd se zobraz\u00ed v odpov\u011bdi.<\/p>\n\n\n\n

    Str\u00e1nka s textov\u00fdm vstupem pro vyhled\u00e1v\u00e1n\u00ed, kter\u00e1 zad\u00e1 parametr ?search=foo<\/code> v koncovce adresy URL p\u0159i dotazov\u00e1n\u00ed rozhran\u00ed API. Po zad\u00e1n\u00ed libovoln\u00e9 fr\u00e1ze, pokud nen\u00ed nalezena, se v HTML zobraz\u00ed n\u00e1vratov\u00e1 zpr\u00e1va ex.<\/p>\n\n\n\n

    <div>Nebyl nalezen \u017eádný výsledek pro <b>foo<\/b><\/div><\/code><\/pre>\n\n\n\n
    M\u016f\u017eeme zkusit zadat adresu URL ?search=<\/code>..<\/p>\n\n\n\n
    2.DOM XSS <\/h3>\n\n\n\n
    To je tehdy, kdy\u017e je jeho spu\u0161t\u011bn\u00ed povoleno pomoc\u00ed nebezpe\u010dn\u00fdch funkc\u00ed v JavaScript, jako nap\u0159. `eval`<\/code> nebo `innerHtml`<\/code>. N\u00ed\u017ee uveden\u00fd \"\u017eiv\u00fd p\u0159\u00edklad\" ukazuje \u00fatok DOM XSS zalo\u017een\u00fd na adrese `innerHtml`<\/code> funkce.<\/p>\n\n\n\n
    3. Ulo\u017een\u00fd XSS <\/h3>\n\n\n\n
    V tomto p\u0159\u00edpad\u011b je \u0161kodliv\u00fd k\u00f3d naps\u00e1n na stran\u011b serveru. Nap\u0159\u00edklad m\u016f\u017eeme odeslat koment\u00e1\u0159 se \u0161kodliv\u00fdm k\u00f3dem k p\u0159\u00edsp\u011bvku na blogu, kter\u00fd je nahr\u00e1n na server. Jeho \u00fakolem je nap\u0159\u00edklad po\u010dkat na moderaci administr\u00e1tora a pot\u00e9 ukr\u00e1st jeho \u00fadaje o relaci apod.<\/p>\n\n\n\n
    Injek\u010dn\u00ed metody<\/h2>\n\n\n\n
    1. V obsahu zna\u010dky<\/p>\n\n\n\n
    `onerror=upozorn\u011bn\u00ed('XSS')`<\/code>na<\/p>\n\n\n\n
    <img src onerror="alert('XSS')" \/><\/code><\/pre>\n\n\n\n
    2. V obsahu atributu<\/p>\n\n\n\n
    `\" onmouseover=alert('XSS')`<\/code> na<\/p>\n\n\n\n
    <div class="" onmouseover="alert('XSS')""><\/div><\/code><\/pre>\n\n\n\n
    <\/p>\n\n\n\n
      \n
    1. V obsahu atributu bez uvozovek<\/li>\n<\/ol>\n\n\n\n
      x onclick=alert('XSS')<\/code>na<\/p>\n\n\n\n
      <div class="x" onclick="alert('XSS')"><\/div><\/code><\/pre>\n\n\n\n
      <\/p>\n\n\n\n
        \n
      1. V href<\/code>atribut ef<\/li>\n<\/ol>\n\n\n\n
        javascript:alert('XSS')<\/code> na<\/p>\n\n\n\n
        <a href="javascript:alert('XSS')"><\/a><\/code><\/pre>\n\n\n\n
        <\/p>\n\n\n\n
          \n
        1. V \u0159et\u011bzci uvnit\u0159 k\u00f3du JavaScript<\/li>\n<\/ol>\n\n\n\n
          \";alert('XSS')\/\/<\/code> na<\/p>\n\n\n\n
          <script>let username=\"\";alert('XSS')\/\/\";<\/script><\/code><\/pre>\n\n\n\n
            \n
          1. V atributu s ud\u00e1lost\u00ed JavaScript<\/li>\n<\/ol>\n\n\n\n
            ');alert('XSS')\/\/<\/code> kde '<\/code> je jednoduch\u00e1 uvozovka, do<\/p>\n\n\n\n
            <div onclick="change('&#39;);alert('XSS')\/\/')">John<\/div><\/code><\/pre>\n\n\n\n
            <\/p>\n\n\n\n
              \n
            1. V href<\/code> atribut uvnit\u0159 protokolu JavaScript<\/li>\n<\/ol>\n\n\n\n
              );alert(1)\/\/<\/code> kde %27<\/code> je jednoduch\u00e1 uvozovka, do<\/p>\n\n\n\n
              <a href="javascript:change('%27);alert(1)\/\/')">klikn\u011bte na<\/a><\/code><\/pre>\n\n\n\n

               <\/code><\/p>\n\n\n\n
              \u017div\u00fd p\u0159\u00edklad<\/h3>\n\n\n\n
              \n